Security update for python-notebook (moderate)

openSUSE Security Update: Security update for python-notebook Announcement ID: openSUSE-SU-2024:0231-1 Rating: moderate References: 1227583 Cross-References: CVE-2019-11358 CVE-2021-32798 CVSS scores: CVE-2019-11358 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-32798 NVD : 9.6...

Security update for python-Django (important)

openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2024:0251-1 Rating: important References: 1207565 1227590 1227593 1227594 1227595 Cross-References: CVE-2023-23969 CVE-2024-38875 CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVSS scores: CVE-2023-23969 NVD :...

Security update for python-sentry-sdk (moderate)

openSUSE Security Update: Security update for python-sentry-sdk Announcement ID: openSUSE-SU-2024:0214-1 Rating: moderate References: 1228128 Cross-References: CVE-2024-40647 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available. Description: Thi...

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application...

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application...

SUSE-SU-2024:0329-2 Security update for python

This update for python fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character bsc1210638...

SUSE-SU-2023:4608-1 Security update for python-Twisted

This update for python-Twisted fixes the following issues: - CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. bsc1216588...

Medium: python-twisted

Issue Overview: Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by...

Security update for python-mitmproxy (moderate)

openSUSE Security Update: Security update for python-mitmproxy Announcement ID: openSUSE-SU-2023:0232-1 Rating: moderate References: 1190603 Cross-References: CVE-2021-39214 CVSS scores: CVE-2021-39214 NVD : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...

Security update for python-Django (moderate)

openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2023:0178-1 Rating: moderate References: 1203793 1207565 1208082 1212742 Cross-References: CVE-2022-41323 CVE-2023-23969 CVE-2023-24580 CVE-2023-36053 CVSS scores: CVE-2022-41323 NVD : 7.5...

Security update for python-Django1 (important)

openSUSE Security Update: Security update for python-Django1 Announcement ID: openSUSE-SU-2023:0177-1 Rating: important References: 1212742 Cross-References: CVE-2023-36053 CVSS scores: CVE-2023-36053 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2023-36053 SUSE: 5.9...

OPENSUSE-SU-2023:0075-1 Security update for python-Django

python-Django was update to fix: - CVE-2023-24580: Prevent DOS in file uploads. bsc1208082...

Security update for python-mechanize (moderate)

openSUSE Security Update: Security update for python-mechanize Announcement ID: openSUSE-SU-2023:0030-1 Rating: moderate References: 1202003 1207242 Cross-References: CVE-2021-32837 Affected Products: openSUSE Backports SLE-15-SP4 An update that solves one vulnerability and has one errata is now...

SUSE-SU-2022:0802-2 Security update for python-libxml2-python

This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes bsc1196490...

OPENSUSE-SU-2020:2189-1 Security update for python

This update for python fixes the following issues: - Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 This update was imported from the SUSE:SLE-15:Update update project...

OPENSUSE-SU-2020:0696-1 Security update for python

This update for python fixes the following issues: Security issues fixed: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen. Now an InvalidURL exception is raised bsc1155094. - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs...

OPENSUSE-SU-2020:0507-1 Security update for python-PyYAML

This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader bsc1165439. This update was imported from the SUSE:SLE-15-SP1:Update update project...

SUSE-SU-2020:0255-1 Security update for python-reportlab

This update for python-reportlab fixes the following issues: - CVE-2019-17626: Fixed a potential remote code execution because of the lack of input sanitization in toColor bsc1154370...

SUSE-SU-2019:2748-1 Security update for python

This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module bsc1149955. - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py bsc1153238...

SUSE-SU-2019:2391-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue bsc1129071. - CVE-2019-11324: Fixed invalid CA certificat verification bsc1132900. - CVE-2019-11236: Fixed CRLF injection via request parameter bsc1132663...